An out-of-bounds read error condition exists in Broadcom's BCM4325 and BCM4329 combo solutions firmware. This error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding.
Products containing BCM4325 and BCM4329 chipsets:
** BCM4325
- Apple iPhone 3GS
- Apple iPod 2G
- HTC Touch Pro 2
- HTC Droid Incredible
- Samsung Spica
- Acer Liquid
- Motorola Devour
- Ford Edge (yes, it's a car)
** BCM4329
- Apple iPhone 4
- Apple iPhone 4 Verizon
- Apple iPod 3G
- Apple iPad Wi-Fi
- Apple iPad 3G
- Apple iPad 2
- Apple Tv 2G
- Motorola Xoom
- Motorola Droid X2
- Motorola Atrix
- Samsung Galaxy Tab
- Samsung Galaxy S 4G
- Samsung Nexus S
- Samsung Stratosphere
- Samsung Fascinate
- HTC Nexus One
- HTC Evo 4G
- HTC ThunderBolt
- HTC Droid Incredible 2
- LG Revolution
- Sony Ericsson Xperia Play
- Pantech Breakout
- Nokia Lumina 800
- Kyocera Echo
- Asus Transformer Prime
- Malata ZPad
Broadcom's official response:
"CORE Security Technologies has identified a potential Denial-of-Service (DoS) vulnerability in certain older Broadcom Wi-Fi chips, specifically the BCM4325 and BCM4329. Other Broadcom chips are not affected. This DoS issue identified by CORE Security Technologies, which would require significant technical expertise to mount, could cause certain consumer electronics devices containing these chips to experience a transient WLAN service interruption as long as the DoS is active. During the service interruption, other phone/tablet features would be unaffected. The DoS issue does not in any way compromise the security of users' data. Broadcom has a patch available that addresses the issue and makes devices that include the BCM4325 and BCM4329 immune to a potential attack. Customers are accepting the patch on a case by case basis, recognizing that most affected devices are out of service. Broadcom has issued a patch that can make devices using the BCM4325 and BCM4329 chips immune to the issue as well. Broadcom has been working with our customers providing information and fixes as required and will continue doing so in response to address security and performance issues that may be identified."
Source
Let us hope that all manufacturers have take the above issue in consideration for update ... soon ...
Products containing BCM4325 and BCM4329 chipsets:
** BCM4325
- Apple iPhone 3GS
- Apple iPod 2G
- HTC Touch Pro 2
- HTC Droid Incredible
- Samsung Spica
- Acer Liquid
- Motorola Devour
- Ford Edge (yes, it's a car)
** BCM4329
- Apple iPhone 4
- Apple iPhone 4 Verizon
- Apple iPod 3G
- Apple iPad Wi-Fi
- Apple iPad 3G
- Apple iPad 2
- Apple Tv 2G
- Motorola Xoom
- Motorola Droid X2
- Motorola Atrix
- Samsung Galaxy Tab
- Samsung Galaxy S 4G
- Samsung Nexus S
- Samsung Stratosphere
- Samsung Fascinate
- HTC Nexus One
- HTC Evo 4G
- HTC ThunderBolt
- HTC Droid Incredible 2
- LG Revolution
- Sony Ericsson Xperia Play
- Pantech Breakout
- Nokia Lumina 800
- Kyocera Echo
- Asus Transformer Prime
- Malata ZPad
Broadcom's official response:
"CORE Security Technologies has identified a potential Denial-of-Service (DoS) vulnerability in certain older Broadcom Wi-Fi chips, specifically the BCM4325 and BCM4329. Other Broadcom chips are not affected. This DoS issue identified by CORE Security Technologies, which would require significant technical expertise to mount, could cause certain consumer electronics devices containing these chips to experience a transient WLAN service interruption as long as the DoS is active. During the service interruption, other phone/tablet features would be unaffected. The DoS issue does not in any way compromise the security of users' data. Broadcom has a patch available that addresses the issue and makes devices that include the BCM4325 and BCM4329 immune to a potential attack. Customers are accepting the patch on a case by case basis, recognizing that most affected devices are out of service. Broadcom has issued a patch that can make devices using the BCM4325 and BCM4329 chips immune to the issue as well. Broadcom has been working with our customers providing information and fixes as required and will continue doing so in response to address security and performance issues that may be identified."
Source
Let us hope that all manufacturers have take the above issue in consideration for update ... soon ...
